Hello
We are trying to connect to an Impala instance on a Cloudera 5.14 cluster secured by kerberos MIT using KNIME AP 4.0, but we have not been successful so far.
We first setup the Kerberos Configuration in Preferences. “Validate” and “Log in” work as expected.
We have tried setting up 4 Connectors as follows:
1. Using the built-in JDBC Impala driver, with JDBC Parameters
kerberosAuthType=fromSubject
principal=impala/<hostname>@<REALM>
ssl=false
The error message when trying to Execute the Connector is:
ERROR Impala Connector 0:1 Execute failed: Could not open client transport with JDBC Uri: jdbc:hive2://***:21050/***;ssl=false;kerberosAuthType=fromSubject;principal=impala/***@***: null
2. Same setup as above, using the built-in JDBC Impala driver but with SSL enabled, with JDBC Parameters:
kerberosAuthType=fromSubject
principal=impala/<hostname>@<REALM>
ssl=true
The error message when trying to Execute the Connector is:
ERROR Impala Connector 0:1 Execute failed: Could not open client transport with JDBC Uri: jdbc:hive2://***:21050/***;ssl=true;kerberosAuthType=fromSubject;principal=impala/***@***: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The Impala node is using a self-signed certificate which has been imported to the Java keystore via the Java Control Panel on Windows 10.
3. Using the Impala JDBC driver from Cloudera, v2.6, with JDBC parameters:
AuthMech=1
KrbHostFQDN=<hostname>
KrbRealm=<realm>
KrbServiceName=impala
Again, we cannot get a connection, with the error:
ERROR Impala Connector 0:1 Execute failed: [Cloudera][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][ImpalaJDBCDriver](500169) Unable to connect to server: [Cloudera][ImpalaJDBCDriver](500591) Kerberos Authentication failed..
4. Using the Impala JDBC driver v2.5, with JDBC Parameters as above:
AuthMech=1
KrbHostFQDN=<hostname>
KrbRealm=<realm>
KrbServiceName=impala
Connecting fails with the error:
ERROR Impala Connector 0:8 Execute failed: [Simba][ImpalaJDBCDriver](500310) Invalid operation: Unable to obtain password from user
We can connect in other apps, with ODBC drivers, without problems.
What is the recommended way of connecting to such a setup?